CVE-2003-0533: Buffer Overflow
First published: Fri Apr 16 2004(Updated: )
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft NetMeeting | ||
| Microsoft Windows 2000 | =sp2 | |
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows NT | =4.0-sp6a | |
| Microsoft Windows 2003 Server | =r2 | |
| Microsoft Windows Me | ||
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows 98 | =gold |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA04-104A.html
- http://www.kb.cert.org/vuls/id/753212
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html
- http://www.eeye.com/html/Research/Advisories/AD20040413C.html
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.securityfocus.com/bid/10108
- http://marc.info/?l=bugtraq&m=108325860431471&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15699
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft netmeeting
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- canonical/microsoft windows nt
- version/microsoft windows nt/4.0-sp6a
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/r2
- canonical/microsoft windows me
- version/microsoft windows 2000/sp4
- canonical/microsoft windows 98
- version/microsoft windows 98/gold